[Emerging-Sigs] morpfeus lookin for something new? user/soapCaller.bs?

Jack Pepper pepperjack at afferentsecurity.com
Mon Jan 26 17:15:55 EST 2009


Quoting Michael Scheidell <scheidell at secnap.net>:

> 000 : 47 45 54 20 2F 75 73 65 72 2F 73 6F 61 70 43 61   GET /user/soapCa
> 010 : 6C 6C 65 72 2E 62 73 20 48 54 54 50 2F 31 2E 31   ller.bs HTTP/1.1
> 020 : 0D 0A 41 63 63 65 70 74 3A 20 2A 2F 2A 0D 0A 41   ..Accept: */*..A
> 030 : 63 63 65 70 74 2D 4C 61 6E 67 75 61 67 65 3A 20   ccept-Language:
> 040 : 65 6E 2D 75 73 0D 0A 41 63 63 65 70 74 2D 45 6E   en-us..Accept-En
> 050 : 63 6F 64 69 6E 67 3A 20 67 7A 69 70 2C 20 64 65   coding: gzip, de
> 060 : 66 6C 61 74 65 0D 0A 55 73 65 72 2D 41 67 65 6E   flate..User-Agen
> 070 : 74 3A 20 4D 6F 72 66 65 75 73 20 46 75 63 6B 69   t: Morfeus Fucki
> 080 : 6E 67 20 53 63 61 6E 6E 65 72 0D 0A 48 6F 73 74   ng Scanner..Host
>

Yeah, this has been going around.  Does anybody know what App this  
file would actually belong to?  Obviously there is an exploit out  
there for this app.

jp


-- 

Framework?  I don't need no stinking framework!

----------------------------------------------------------------
@fferent Security Labs:  Isolate/Insulate/Innovate  
http://www.afferentsecurity.com



More information about the Emerging-sigs mailing list